In 2011 comedian Louis C.K. He offered the complete download of his show online for just 5 dollars and in a few days he managed to accumulate more than 1 million in PayPal. On their official website you can see the capture of the account, surprising!
I remember that back then I thought that if I had so much money in my PayPal I would have an exclusive locked notebook to access the account and thus avoid any security problem. As if it were a NASA team or something like that.
In fact, many security specialists recommend using live-cds to access bank accounts, as they are a fast and secure way to evade any malware that may be hosted on the system, waiting for us to enter our home banking.
When sensitive information is handled on a laptop, it is obvious that extra precautions must be taken to protect it, but sometimes the most obvious can be overlooked, as has happened to Jens Kyllnen, a professional poker player.
At an event held in Barcelona the Jens laptop ended infected with a remote access TrojanThese types of programs also known as RAT (Remote Access Tool) allow you to have full control over the system. They are generally used to spy since with a few simple clicks they allow taking captures with the webcam, seeing the desktop, recording everything that is written, accessing documents, etc … all without the victim knowing.
What was interesting about this attack was the way in which their system ended up being infected, it was not a vulnerability exploited by a remote attacker, they did not sniff WiFi and they did not download a cracked program that came with hidden gifts. It was a physical access to the equipment.
Apparently someone took his notebook from the hotel room and installed the Trojan. It all started when he tried to enter his room and the card on the door did not work, he went down to the reception to ask for another one and when he returned he found the machine nowhere.
He left the room to find out what had happened, it was possible that one of his friends was using it and when he returned the team was on the table where he had left it. At first he doubted himself, but when he turned it on he found the following screens:
When they appear it is because something has happened, it does not mean that the computer is infected because they could be generated by some Windows error, but in this situation it was something strange. In addition, he had a user password configured and after this incident Windows did not I asked to start. It was clear that someone had broken or reset the password to access the system.
The photographs I have taken from this forum where he himself tells the story, it is a bit long and incredible. Well, the same thing happened again later, although this time the notebook appeared in the reception, apparently someone from the hotel had found it strangely in one of the corridors.
The Trojan on your machine:
In doubt of an infection, Jens brought his notebook to F-Secure's offices for forensic analysis and what they found was a Trojan written in Java that had the ability to take screenshots. This will allow an attacker, for example, to see the player's cards in an online game:
After performing the analysis, they also detected the same Trojan in the team of their roommate, another professional player who participated in the tournament.
Protection for these cases:
With physical access there are not many defenses if the attacker knows very well what he is doing, but there are some things we can do to at least complicate the task.
The basic thing is to configure a password for all users and not neglect it, most of us do not handle information so tempting as to make us a sophisticated attack, but if you are someone known and handle important issues from your notebook it is always good to be prepared.
If you leave it in the room, it could be hidden in the least expected place, at least it would be better than leaving it on the table. Or in the safe, although they are usually small and come with a master key, so I would not trust 100%.
A padlock for the notebook could serve, but the same, can be opened and unless the cover is locked, in the same room the attacker could take out a USB stick, start the machine and do his own thing.
Encrypting the hard drive completely is a good option, especially if the computer is stolen. Although there are also attacks with bootloaders that modify the boot and install malware, so an experienced attacker could still overcome this difficulty.
Be careful with the USB sticks that we connect is another good recommendation, they are usually used to spread worms and it is an attack that could be carried out even when we are present with some social engineering.
For trips you could also use a disposable notebook that does not have important information on the hard disk, in fact you could directly remove the hard disk and handle it with an encrypted and bootable pen drive or information stored in the cloud. At least if the machine is stolen, no information will be lost and without a disk infecting the hardware is already quite heavy.
What other security measures can you think of for cases like this player?
And all this without mentioning mobile devices that can also be infected with remote access Trojans and may even be easier.